Monday, June 27, 2011

Thomas Wright Falsely Claims U.S. Double Standard In Cyber Warfare

Thomas Wright is the Executive Director of Studies at the Chicago Council on Global Affairs. His OpEd in the Financial Times today "America has double standards in fighting cyberwar" attempts to make the case that the U.S. is hypocritical in its approach to building an international consensus on cybersecurity.

While Wright's academic credentials are impressive, he loses a lot of credibility with his opening sentence which claims that the CIA website was hacked, and that it, plus the IMF and Citibank attacks have pushed us to the brink of "cyberwar". Frankly, anyone who thinks that a website that suffered a Denial of Service attack has been "hacked" has no business writing about cyber-anything let alone something as emotionally charged and least understood as "cyberwar".

He immediately moves on to mis-state the White House position on optional responses to a cyber attack. There is no White House strategy that treats cyber attacks as acts of war. I encourage Mr. Wright to actually read the White House's International Strategy for Cyberspace (,pdf) rather than guessing what it contains. Here's a very brief summary taken from the report:

"International Strategy for Cyberspace", p. 12

Later, he refers to the well-publicized but non-supported theory that the Stuxnet worm was a U.S-Israeli operation. Personally, I doubt that Mr. Wright has spent any time at all evaluating what is known and unknown about the Stuxnet worm but I challenge him to present any evidence in support of that theory. He won't, of course, because there is none.

Thomas Wright has a Ph.D. in government from Georgetown University and lectures on National Security. He apparently is not a lawyer so I can forgive his liberal use of "act of war" which is a non-existent entity in the Law of Armed Conflict. But he's sufficiently educated where one of his professors at Georgetown, Cambridge or University College Dublin should have taught him some critical thinking skills. It doesn't take a Ph.D. to understand cybersecurity sufficiently to engage in discourse about the many difficult issues that need addressing. It does, however, require a commitment to spend some time understanding the facts first and making oneself familiar with the source material. Based solely upon reading Wright's OpEd, he doesn't know what a DoS attack is, he doesn't know what an act of war is, he doesn't understand the White House's strategy for cyberspace, and he assumes that the U.S. was behind Stuxnet without knowing why. This doesn't reflect well for Mr. Wright or the Chicago Council on Global Affairs that employs him. In fact, it goes contrary to the stated mission of the Chicago Council - to influence discourse. I'm assuming that the Council's board mean't "responsible" discourse.